KPMG’s number is derived from the court system. The much larger number is the result of a review of 19 years’ worth of data and applying the global average loss rate to UK GDP.

Whatever the real number, both studies agree that fraud is growing dramatically, and cyber-enabled fraud is growing the fastest of all.

This growth is a huge challenge to business. Traditional counter-fraud teams have neither the resources nor the skills required to monitor, identify and mitigate the huge volume of digitally-driven fraud attempts they are now seeing. Smaller businesses are experiencing high-volumes of attack for the first time, and typically have no dedicated resources at all.

Is the solution to hire larger teams? Possibly. But before incurring that very significant expense, companies can look at other approaches. After all, humans are not very good at dealing with and processing large datasets. They are not able to identify more than a few, simple patterns in complex data. They’re not very fast, and they tend to dislike highly repetitive tasks.

Machines are good at all of these things, which is why machine learning is now being hailed as the answer to the huge increases we are seeing in fraud. Many products now are being launched with or modified to incorporate what vendors often call ‘artificial intelligence (AI)’ – a catch-all term that covers a multitude of different technologies such as machine learning, neuro-linguistic programming, deep learning and neural networks.

If you’re looking at buying a machine learning solution, it’s beneficial to understand how they work, and what their limits are. Before you buy, ask these questions.

What to ask when buying a machine learning or AI solution

Algorithms: what techniques does the software use and why? Make sure you understand at least the basics of techniques like logistic regression, decision tree algorithms, the random forest technique, and neural networks.

Updates: how frequently does the vendor update them and release new algorithms?

Warm-up period: how much time and data does the model need to run on before it can accurately detect fraud anomalies in a new environment?

Inspectability: can the model ‘explain’ why it has flagged a particular transaction as suspect? The most complex neural network AI-based models cannot do this.

Level of false results: AI and machine learning algorithms estimate how much an anomaly looks like something problematic. This process naturally creates false positives and negatives. What is the percentage of these and what techniques are used to ensure a minimal number?

Sophistication: how are the algorithms used protected from being tricked – especially by AI used by hackers and fraudsters?

Prioritisation: how does the product prioritise critical and high-risk hosts that require immediate attention from an analyst?

Integration: how does the product fit into existing processes? How complex is its output? What oversight does it need? How does it reduce the workload for security analysts?

Enhanced data: machine learning models analyse actions, behaviour and activity. They have to be told about connections in data (like a shared card between two accounts). How does the vendor enhance the AI model with external data to ensure the model understands these vital connections?

The Cloud: machine learning solutions generally site their analytics engines in the Cloud. How does the vendor ensure that the permanent Cloud connection required to run the solution is itself secure? And how does that connectivity work in segmented networks or sensitive environments where such a connection is not allowed?

Simon is Managing Editor at AKJ Associates – specialists in connecting information security stakeholders and service suppliers to help solve the security, compliance and risk management challenges facing organisations and corporations around the globe.

Simon is Managing Editor at AKJ Associates – specialists in connecting information security stakeholders and service suppliers to help solve the security, compliance and risk management challenges facing organisations and corporations around the globe.